Keepr Storage Bug

Posted on Mar 7, 2021

Last year, I found a bug on Keepr Storage's Android app. It has the same bug as of Globe Telecom's where the API endpoint was not using secure HTTP. As a result, I can see my data in plaintext over Wi-Fi.

Using Wireshark

But as of version v1.3.6 of their app, this bug has been fixed already. They didn't respond to my email last year though.